$OpenBSD: patch-source3_utils_net_rpc_join_c,v 1.1 2014/02/06 04:33:25 brad Exp $

DCE-RPC fragment length field is incorrectly checked.
CVE-2013-4408

--- source3/utils/net_rpc_join.c.orig	Wed May  8 04:16:26 2013
+++ source3/utils/net_rpc_join.c	Tue Jan 28 02:16:43 2014
@@ -367,6 +367,15 @@ int net_rpc_join_newstyle(struct net_context *c, int a
 			    ("error looking up rid for user %s: %s/%s\n",
 			     acct_name, nt_errstr(status), nt_errstr(result)));
 
+	if (user_rids.count != 1) {
+		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+		goto done;
+	}
+	if (name_types.count != 1) {
+		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+		goto done;
+	}
+
 	if (name_types.ids[0] != SID_NAME_USER) {
 		DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types.ids[0]));
 		goto done;
